Legend:

Trac uses a simple but flexible permission system to control what users can and can't access.

4

Trac uses a simple permission system to control what users can and can't access.

5

5

6

6

Permission privileges are managed using the [wiki:TracAdmin trac-admin] tool.

7

7

8

Regular visitors, non-authenticated users, accessing the system are assigned the default

9

role (''user'') named {{{anonymous}}}.

10

Assign permissions to the {{{anonymous}}} user to set privileges for non-authenticated/guest users.

8

Non-authenticated users accessing the system are assigned the name "anonymous". Assign permissions to the "anonymous" user to set privileges for anonymous/guest users. The parts of Trac that a user does not have the privileges for will not be displayed in the navigation.

11

9

12

In addition to these privileges users can be granted additional individual

13

rights in effect when authenticated and logged into the system.

10

In addition to these privileges, users can be granted additional individual rights in effect when authenticated and logged into the system. All logged in users belong to the virtual group "authenticated", which inherits permissions from "anonymous".

14

11

15

12

== Available Privileges ==

16

13

17

To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system, it will let you do anything you want.

14

To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system, it will allow you perform any operation.

18

15

19

Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac:

16

Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac (not that the privilege names are case-sensitive):

Group membership can be checked by doing a {{{permission list}}} with no further arguments; the resulting output will include group memberships. Use lowercase for group names, as uppercase is reserved for permissions.

95

96

== Removing Permissions ==

97

98

Permissions can be removed using the 'remove' command. For example:

99

100

This command will prevent the user ''bob'' from deleting reports:

101

{{{

102

$ trac-admin /path/to/projenv permission remove bob REPORT_DELETE

103

}}}

104

105

Just like `permission add`, this command accepts multiple privilege names.